
Firewalld and NGINX

#Firewalld #nginx #selinux

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld  

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld  

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld  

Open ports on firewalld and selinux

  1. Start by checking the port allocation and confirming that the port you want to allow access to isn’t already in use:

     sudo semanage port -l | grep http_port_t  
    
  2. Allow access to port

     sudo semanage port -a -t http_port_t -p tcp 8090  
    
  3. Check firewall ports passthrough

     sudo firewall-cmd --list-all  
    
  4. Add port (and make it permanent)

     sudo firewall-cmd --zone=public --add-port=9443/tcp --permanent  
    
  5. Reload firewall for the changes to take effect

     sudo firewall-cmd --reload  
    

Please keep in mind that exposing a port, any port, to the internet can have serious consequences. Exposed ports should be well protected, and opening one should be a well-thought-out, intentional move.
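The five steps above as one idempotent script, added here as an example and not part of the original post. It uses a single port for both the SELinux label and the firewalld rule; the function names, `SAMPLE_LISTING` and the script name `open-port.sh` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: idempotent form of steps 1-5 for a single TCP port.

# Constructed sample of `semanage port -l` output, used only for offline checks.
SAMPLE_LISTING='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'

# Print the SELinux type that has an exact tcp record for port $1 (listing on stdin).
# Ranges are skipped on purpose: a port that only falls inside a range such as
# 1024-32767 can still be given its own record with `semanage port -a`.
exact_port_type() {
    awk -v port="$1" '$2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            entry = $i; sub(/,$/, "", entry)
            if (entry "" == port "") { print $1; exit }
        }
    }'
}

# Map the listing on stdin to: add | none | conflict:<existing type>
semanage_action() {
    ptype=$(exact_port_type "$1")
    case $ptype in
        "")          echo add ;;
        http_port_t) echo none ;;
        *)           echo "conflict:$ptype" ;;
    esac
}

# Steps 1-5 for port $1 in zone $2 (default: public, as on the page).
open_nginx_port() {
    port=$1; zone=${2:-public}
    action=$(sudo semanage port -l | semanage_action "$port")
    case $action in
        add)  sudo semanage port -a -t http_port_t -p tcp "$port" || return 1 ;;
        none) echo "tcp/$port is already labelled http_port_t" ;;
        *)    echo "tcp/$port has ${action#conflict:}; relabel deliberately, not here" >&2
              return 1 ;;
    esac
    if ! sudo firewall-cmd --zone="$zone" --permanent --query-port="$port/tcp" >/dev/null; then
        sudo firewall-cmd --zone="$zone" --add-port="$port/tcp" --permanent || return 1
        sudo firewall-cmd --reload || return 1
    fi
    sudo firewall-cmd --zone="$zone" --list-all
}

# Runs only when a port is given, e.g.: sh open-port.sh 8090 public
[ "$#" -eq 0 ] || open_nginx_port "$@"
```

A port that already has an exact record under another type is reported and left alone, so an existing label is never overwritten as a side effect of opening the firewall.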

Typical ports to open NGINX

If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic. The other ports shown are examples: 8080 (commonly the status API) and 9000 (the zone_sync port).

# HTTP  
firewall-cmd --permanent --zone=public --add-service=http  
# HTTPS  
firewall-cmd --permanent --zone=public --add-service=https  
# NGINX API on port 8080  
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent  
# NGINX ZONE sync on port 9000  
sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent  
firewall-cmd --reload  

To enable, start, and verify the firewall on CentOS 7, execute the following commands.

$ systemctl enable firewalld  
$ systemctl start firewalld  
$ systemctl status firewalld  

Start or Restart NGINX after changes made to firewalld and selinux

## Start NGINX on boot
$ systemctl enable nginx

## Start NGINX
$ systemctl start nginx

## Restart NGINX
$ sudo service nginx restart


Copyright © Armand